Bug 1733505 - Non admin user can not query API /katello/api/capsules/:id
Summary: Non admin user can not query API /katello/api/capsules/:id
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Users & Roles
Version: 6.4.0
Hardware: All
OS: All
Priority: unspecified
Severity: low
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Radovan Drazny
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2019-07-26 10:02 UTC by roarora
Modified: 2023-03-24 15:07 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-07-09 17:02:24 UTC
Target Upstream Version:
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Foreman Issue Tracker | 30385 | 0 | Normal | New | Non admin user can not query API /katello/api/capsules/:id | 2021-01-21 09:39:51 UTC

Description roarora 2019-07-26 10:02:34 UTC
Description of problem:

If a non admin user calls a GET API on satellite.example.com/katello/api/capsules/1, it fails with the response:
"message": "Resource smart_proxy not found by id '1'"

Non admin user has "view_smart_proxies" permissions assigned. Even if all available permissions are assigned to the user, the error response is the same.

User is able to query information for all capsules i.e GET on /katello/api/capsules/ but not for a particular ID /katello/api/capsules/:id

The API /katello/api/capsules/:id is called by the bootstrap.py script with the --new-capsule switch, so bootstrap.py cannot be run with a non admin user.

Version-Release number of selected component (if applicable):
6.4
6.5

How reproducible:
Always

Steps to Reproduce:
1. Create a user role and assign all available permissions to it. Create a user and assign the role to the user. User should be non admin.
2. Run the following API call with the above user and it fails:
# curl -u user:password https://satellite.example.com/katello/api/capsules/1

Actual results:
API fails with response "message": "Resource smart_proxy not found by id '1'"

Expected results:
Non admin user should be able to call that API with appropriate permissions assigned

Comment 4 Marek Hulan 2019-11-21 11:13:02 UTC
Is the user assigned to the same organization and location as the capsule? Does the user have permission to view_organizations and view_locations (potentially limited to only these)?

Comment 5 Jessica Hanley 2019-12-12 20:08:37 UTC
Marek: Yes, the user was already assigned to the same organization and location as the capsule, and the user's role already had the view_organizations and view_locations permissions.

Comment 6 Shira Maximov 2020-07-13 13:50:36 UTC
Created redmine issue https://projects.theforeman.org/issues/30385 from this bug

Comment 7 Mike McCune 2021-03-16 15:58:36 UTC
Upon review of our valid but aging backlog the Satellite Team has concluded that this Bugzilla does not meet the criteria for a resolution in the near term, and are planning to close in a month. If you have any concerns about this, please contact your Red Hat Account team.  Thank you.

Comment 9 Mike McCune 2021-07-09 17:02:24 UTC
Thank you for your interest in Satellite 6. We have evaluated this request, and while we recognize that it is a valid request, we do not expect this to be implemented in the product in the foreseeable future. This is due to other priorities for the product, and not a reflection on the request itself. We are therefore closing this out as WONTFIX. If you have any concerns about this feel free to contact your Red Hat Account Team. Thank you.

